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REMARKS/ARGUMENTS 

Introduction 

Claims 1-32 were pending in the application. The examiner rejected claims 1-32. Applicant 
has amended claims 1, 8, 10, 12, 16-17, 19, 21, 23, 27, 30 and 32. Thus, claims 1-32 are pending in 
the application. 

Examiner Request for Comment upon and Submission of Missing Information Disclosure 
Statements 

The examiner has requested applicant to comment upon the Information Disclosure 
Statements submitted in this application and to submit any Information Disclosure Statements and 
their PTO 1449s that may be missing from the Patent Office file. Specifically, the examiner pointed 
out an inconsistency in the Patent Office file for this application. The examiner observed that the 
Patent Office folder jacket indicates that three Information Disclosure Statements have been 
submitted in the application. However, the examiner found only two Form PTO 1449s actually 
present in the Patent Office file. The date of one of the PTO 1449s matches the date of one of the 
Information Disclosure Statements identified on the file jacket, but the date of the other PTO 1449 
does not match the date of either of the other Information Disclosure Statements identified on the 
file jacket. The examiner has requested that the applicant comment upon these inconsistencies, and 
that the applicant submit any missing Information Disclosure Statements and their PTO 1449s. 

Applicant submits copies of the following two Information Disclosure Statements, their 
PTO- 1 449s and references : 

Paper No. 4, dated March 30, 2001, and received by the USPTO on April 3, 2001 
Paper No. 5, dated June 12, 2001, and received by the USPTO on June 18, 2001 

Applicant would appreciate the Examiner initialing and returning the Form PTO- 1449s, 
indicating that the information has been considered and made of record herein. 

Applicant also submits a copy of the Information Disclosure Statement dated November 26, 
200 1 , and received by the USPTO on December 3 1 , 200 1 , and a copy of the PTO- 1 449 initialed by 
the examiner. Since the examiner initialed the PTO- 1449, we did not provide copies of the 
references. If you would like Applicant to provide copies of the references, please let us know. 
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Claim Rejections - 35 USC 103 

The examiner rejected claims 1-32 under 35 USC 103 as being unpatentable over 
Annevelink (USP 5,448,727) in view of Martin et al. (EP 0955761). The examiner asserted as to 
claim 1 that Annevelink teaches partitioning a plurality of objects into a plurality of domains and 

(inherently) creating a list (which is to contain the information for properly accessing and otherwise 
manipulating the data that a domain contains). The examiner stated that Martin teaches an access 
control list, (for use in an access to a domain), formed with access control rights for different 
users/members and/or bodies. The examiner asserted that it would have been obvious for one of 
ordinary skill in the art at the time the invention was made to form a specific security list as that of 

■ 

Martin for Avennelink's partitioned objects in domains. The examiner asserted that a skilled person 
would have been motivated to do such forming because Martin teaches using such a list to control 
an access to his objects in his domains and because Annevelink teaches objects in domains which 
are to be properly accessed. 

Applicant respectfully traverses the rejection of claim 1 as amended, which recites the 

* 

following. 

1 . A method for managing security on a business application 
management platform implemented on a computer, comprising the 
steps of: 

partitioning a plurality of business objects into a hierarchy of 
domains; and 

creating a security list configured to grant a member the right 
to perform a security operation on a business object located in said 
hierarchy of domains, comprising the steps of: 

adding said security operation to said security list; 

applying said security operation to a given domain and 
to each child domain of the given domain; and 

adding said member to said security list. 

Support for the present amendment of claim 1 is found in the specification as originally 

filed, which states the following. 

Domains are the Platform's partitioning mechanism for 
business objects. Domains allow users to define a hierarchical 
structure that models their organization or business, for example, 
based on geography or division. For example, the following simple 
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example shows a three-domain organization, with a root "World" 
domain and two child "US" and "Europe" domains. [See drawing in 
body of patent application specification illustrating this hierarchical 
domain structure.] 

All business objects are assigned a specific domain and belong 
to that domain. In turn, security privileges are assigned on specific 
domains. The domain hierarchy is automatically enforced during 
security checks. This means that users who have access to a domain 
can access the objects in that domain, and that users who have access 
to ancestors of a given domain also have access to objects in that 
domain. (Emphasis added.) 

See patent application specification at page 71, line 15-page 72, line 10. 

Additional support is provided by the domain table structure of "fgt_domain" (Table 6), 
which is the domain table structure of one embodiment. The fgt_domain table includes "Parent_id" 
as one of its column entries. See patent application specification at page 79, lines 23-30. Thus, the 
specification teaches that a hierarchy of domains can be built into the domain structure in 
accordance with a present embodiment. 

Still further support is provided by the explanation of an example SQL used to load 
privileges. See patent application specification at page 83, line 31-page 85, line 14. Privilege is a 
set of one or more security operations. See patent application specification at page 70, lines 26-27. 
More specifically, in an example, a table "tpt_dummy_flatjree" stores parent/child relationships for 
all domains in the system. This allows the example SQL to include a join that obtains privileges for 
both a specified domain and all of its child domains. The SQL checks the value of a "privs" field 
and forms a new union of bitmaps that is a union of bitmap fields for the specified field and all of its 
ancestors. See patent application specification at page 84, line 51-page 85, line 14. Thus, the 
patent specification teaches applying a security operation to both a parent domain and its child 
domain. 

Neither Martin, nor Avennelink nor any combination thereof teaches or suggests the method 
of claim 1 as amended. More specifically, neither of these references nor their combination teaches 
or suggests the following limitations of claim 1, 
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partitioning a plurality of business objects into a hierarchy of 
domains;... 

applying said security operation to a given domain and 
to each child domain of the given domain; 



Martin teaches, 

The directory structure comprises, for example, a tree-shaped 
hierarchy 2 of nodes 3, 4 etc leading from a root node 3 to a plurality 
of entries 5 forming the leaves of the hierarchy. Within the hierarchy, 
there are defined domains, for example domain A5 and domain B6. 

Associated with a domain, there is defined an Access Control 
List (ACL). The ACLs define access control rights for different users 
and or bodies. The ACL for a given domain is associated with the 
highest node within the domain and defines that access control rights 
for the domain . (Emphasis added.) 



See Martin at page 3, lines 45-50. 

Thus, Martin does not teach or suggest either a hierarchy of domains or applying a security 
operation to a parent domain. Rather, Martin merely teaches a hierarchy of nodes within a domain. 

Annevelink teaches, 

. . .a new technique for logically and physically clustering tuples of 
data in a database. The technique. . .is based on the pardoning 
(declustering) of a set of relations into smaller so-called local relations 
and reclustering the local relations into constructs referred to herein as 
domains. A domain as defined herein is self-contained, i.e., a domain 
contains the information for properly accessing and otherwise 
manipulating the data it contains. This is achieved by properly 
annotating and declustering the system data. Domains thus provide a 
way of partioning a database into a number of disjoint datasets so as 
to allow the efficient transfer of parts of the database across process 
and machine boundaries. (Emphasis added.) 

See Annevelink at column 6, lines 1-17. 



Annevelink also teaches, 



. . .the most important criteria to determine the domain of an object 
will be to balance increased granularity, which will reduce the amount 
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of concurrent access by increasing the granularity of locks, with 
minimizing the number of relationships between objects in different 
domains. 

Physically, a domain is a storage structure that contains the 
relationships between the objects contained in the domain, as well as 
part of the object directory defining the objects contained in the 
domain. This storage structure takes the form of a collection of tables. 
Conceptually, in accordance with the invention there is still a single 
table corresponding to the stored function, but in the actual 
implementation, this table is horizontally partitioned, resulting in a set 
of local tables, each of which is associated with a particular domain. 
Relationships involving objects contained in different domains are 
stored in a so-called global domain, which may also contain the 
objects not otherwise contained in a particular domain. All objects 
that are not explicitly contained in a physical domain are contained in 
the global domain, which is a pre-defined system object. (Emphasis 
added.) 

See Annevelink at column 10, lines 21-42. 

Annevelink further teaches, 

In sum, when used with a database management system. . ., the 
[Annevelink] invention allows user application programs to apply 
operations to sets of logically related objects. The objects that the 
user application programs apply to operations to are cached on a per 
domain basis so that the requested tuples are not spread out on a disk. 
Moreover, by caching the data on a domain basis, the granularity of 
locks may be most efficiently controlled so as to increase the 
concurrency of different applications wishing to access common 
portions of a database. (Emphasis added.) 

See Annevelink at column 20, lines 12-24. 

Thus, Annevelink actually teaches away from a hierarchy of domains and teaches away from 
applying an operation to a child domain. More particularly, Annevelink teaches local domains that 
are partitioned so as to be disjoint datasets . It is one objective of the Awevlink to minimize the 
number of relationships between objects in different domains . Annevelink teaches that all objects 
that are not contained within a physical domain, are contained in a global domain, which is a pre- 
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defined system object, to contain relations among objects in different domains . Rather than teach a 
heirarchy of domains, Annevelink teaches disjoint local domains that may be related through a 
global domain. 

The differences between the presently claimed invention and the system disclosed by 
Annevelink are not surprising since the domains in the present invention, are used to describe 
structures such as a business or an organization. While domains in the Annevelink system are 
defined so as to facilitate efficient caching and locking of data moved about within a computer 
system. 

Therefore, applicant respectfully submits that neither Martin nor Annevelink nor any 
combination thereof teaches or suggests claim 1 as amended. 

Applicant respectfully submits that the substance of the arguments set forth above for claim 
1 also apply to independent claims 12 and 23, as amended, and to dependent claims 2-11, 13-22 and 
24-32, as amended. 

Amendment of Claims 8, 10, 12, 16-17, 19, 21, 23, 27, 30 and 32 

Independent claims 12 and 23 have been amended to add limitations that generally 
correspond to the amendment discussed above for claim 1 . 

Dependent claims 8, 19 and 30 have been amended to provide antecedent basis for the term 
"category". These claims as amended add limitations similar to those in claims 1,12 and 23. 

Dependent claims 10, 16-17, 21, 27 and 32 have been amended to adopt wording that is 
consistent with their respective base claims. 

Applicant respectfully submits that now new matter has been added through the amendments 
to claims 1-32. 
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CONCLUSION 

In view of the above, each of the presently pending claims in this application is believed 
to be in immediate condition for allowance. Accordingly, the Examiner is respectfully requested to 
withdraw the outstanding rejection of the claims and to pass this application to issue. If it is 
determined that a telephone conference would expedite the prosecution of this application, the 
Examiner is invited to telephone the undersigned at the number given below. 

In the event the U.S. Patent and Trademark office determines that an extension and/or 
other relief is required, applicant petitions for any required relief including extensions of time and 
authorizes the Commissioner to charge the cost of such petitions and/or other fees due in connection 
with the filing of this document to Deposit Account No. 03-1952 referencing docket no. 
360322000900. However, the Commissioner is not authorized to charge the cost of the issue fee to 
the Deposit Account. 

Dated: June 10, 2004 Respectfully submitted, 




Registration No. : 3 1 ,506 
MORRISON & FOERSTER LLP 
425 Market Street 
San Francisco, California 94105 
(415) 268-6982 
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